-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Could I also encourage you to do anti-spoofing filtering, a la BCP38?
- - ferg On 6/27/2014 8:17 AM, Adam Greene wrote: > Hi all, > > > > We're evaluating whether to add BGP feeds from these two sources in > attempt to minimize exposure to DoS. > > > > The Team Cymru BOGON list ( > > http://www.team-cymru.org/Services/Bogons/bogon-bn-nonagg.txt or > > http://www.team-cymru.org/Services/Bogons/bogon-bn-agg.txt > > ) > > looks promising and common-sense. > > > > We already filter RFC1918 inbound at our edge, and are interested > to see if adding the rest of the blocks will have a significant > positive effect. > > > > If it does, we're planning to try the IPv4 FULLBOGON list: > > > > http://www.team-cymru.org/Services/Bogons/fullbogons-ipv4.txt > > > > We're a little more leery about trying Spamhaus's BGPf service > (DROP, EDROP and BCL, > > > > http://www.spamhaus.org/bgpf/ > > ) > > > > because we really want to avoid false positives. > > > > Just wondering if anyone has any words of caution ("False > positives! Avoid FULLBOGONS and Spamhaus!"), or words of praise > ("Do it all! These services are wonderful!") before we take the > plunge. > > > > Thanks, > > Adam > > - -- Paul Ferguson VP Threat Intelligence, IID PGP Public Key ID: 0x54DC85B2 Key fingerprint: 19EC 2945 FEE8 D6C8 58A1 CE53 2896 AC75 54DC 85B2 -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (MingW32) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iF4EAREIAAYFAlOtj3kACgkQKJasdVTchbI5hQD/f0DsWNUsebLOX1Io8MqPWmAl JnlMX5cRxNxXgSNEAnoBAMuXCeSHCJvI8jsL6PaGTbh2GA6uktcYpOEfnlG5xfLC =DmDv -----END PGP SIGNATURE-----
